← Back

CVE-2023-3354

nvd nist
Published: Jul 11, 2023Modified: Nov 21, 2024

JSON object

Loading...
7.5
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 / Impact: 3.6
Source: NVD

Description

A flaw was found in the QEMU built-in VNC server. When a client connects to the VNC server, QEMU checks whether the current number of connections crosses a certain threshold and if so, cleans up the previous connection. If the previous connection happens to be in the handshake phase and fails, QEMU cleans up the connection again, resulting in a NULL pointer dereference issue. This could allow a remote unauthenticated client to cause a denial of service.

Affected (9)

Qemu
1 product
Qemu
Redhat
2 products
Enterprise Linux
Openstack Platform
Fedoraproject
1 product
Fedora
Configuration A
3 vulnerable
Vulnerable SoftwareAffected Versions
Qemu
Qemu
Before 8.1.0
Qemu
Version 8.1.0 rc0
Qemu
Version 8.1.0 rc1
Configuration B
5 vulnerable
Vulnerable SoftwareAffected Versions
Redhat
Enterprise Linux
Version 7.0
Enterprise Linux
Version 8.0
Enterprise Linux
Version 8.0
Enterprise Linux
Version 9.0
Openstack Platform
Version 13.0
Configuration C
1 vulnerable
Vulnerable SoftwareAffected Versions
Fedora
Version 38

Related CWEs

CWE-476
NULL Pointer Dereference
The product dereferences a pointer that it expects to be valid but is NULL.

References (8)

Source: secalert@redhat.com
Third Party Advisory
Source: secalert@redhat.com
Issue TrackingPatch
Source: secalert@redhat.com
Source: secalert@redhat.com
Mailing List
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Issue TrackingPatch
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List

Timeline

No history available yet.